Quality Management Systems Guidelines for Construction 15 August 2013 These guidelines are a key element of the Procurement Policy Framework of the NSW Government. They are available from the NSW Government Procurement website www.procurepoint.nsw.gov.au The document shall be updated on an ongoing basis by the Department of Finance & Services to reflect changes to government policy and procedures. To ensure accurate and up to date information, agencies are advised to access the latest version directly from the website. Further information on these guidelines should be addressed to: NSW Procurement Client Support Centre: Telephone: Email: 1800 NSW BUY (1800 679 289) nswbuy@services.nsw.gov.au Issue log Issue release date details 1. June 2005 Original document 2. April 2006 Amendment (unspecified) 3. August 2013 Removed reference to requirement for agency accreditation of Quality Management Systems, which is no longer relevant. This to acknowledge contemporary relevance of AS/NZS ISO 9001 Quality management systems – Requirements. Amendment to improved alignment with the AS/NZS ISO 9001 Quality management systems – Requirements. Amendment shows work health & safety (previously, occupational health & safety) Contents CONTENTS ............................................................................................................................................ 3 TERMS USED IN THE GUIDELINES ..................................................................................................... 4 1 INTRODUCTION ............................................................................................................................ 5 1.1 Scope and purpose .................................................................................................................. 5 1.2 Why quality management?...................................................................................................... 5 1.3 Key aspects of the Guidelines ................................................................................................ 5 2 REQUIREMENTS AND APPLICATION......................................................................................... 6 2.1 Requirements ........................................................................................................................... 6 2.2 Application ............................................................................................................................... 7 3 SYSTEM COMPONENTS .............................................................................................................. 9 3.1 Standard ................................................................................................................................... 9 3.2 Quality Management System .................................................................................................. 9 3.3 Quality Management Plans ..................................................................................................... 9 3.4 Design plans........................................................................................................................... 10 3.5 Inspection and Test Plans ..................................................................................................... 10 3.6 Audit plans ............................................................................................................................. 10 4 REQUIREMENTS FOR AGENCIES AND OTHER CUSTOMERS .............................................. 11 4.1 Organisational activities........................................................................................................ 11 4.2 Project and contract activities .............................................................................................. 12 5 REQUIREMENTS FOR SERVICE PROVIDERS ......................................................................... 14 5.1 Organisational activities........................................................................................................ 14 5.2 Project and contract activities .............................................................................................. 14 6 AUDITS ........................................................................................................................................ 16 6.1 General.................................................................................................................................... 16 6.2 Scope ...................................................................................................................................... 16 6.3 Responsibility ........................................................................................................................ 16 6.4 Conduct .................................................................................................................................. 17 6.5 Reports ................................................................................................................................... 17 6.6 Actions .................................................................................................................................... 17 APPENDICES....................................................................................................................................... 18 3 Quality Management Systems Guidelines – Edition 3 Terms used in the guidelines The terms defined in the current AS/NZS ISO 9000, Quality management systems – Fundamentals and vocabulary, apply to these Guidelines. The following definitions also apply and take precedence: “agency” means a NSW Government department, authority, corporation or other entity established by an Act of the NSW Parliament, excluding (for the purposes of the Guidelines) State Owned Corporations. The terms Government agency, agency or agencies may be used interchangeably. Agencies may be customers. “audit” means an examination of a random or particular sample of processes to determine whether or not correct plans/procedures are being followed, and includes a document review or an examination of activities or an examination of documents and activities, to assess their conformity with requirements. “certification” (of a Quality Management System) is the attestation by certificate that the QMS meets certain defined provisions of the current AS/NZS ISO 9001 Quality management systems – Requirements for use for a certain scope of activities. Usually this would be provided following a 3 rd party certification audit by an organisation accredited under a Joint Accreditation System of Australia and New Zealand (JAS-ANZ) recognised product certification scheme or another scheme acceptable to the relevant agency. “construction” includes all organised activities concerned with demolition, building, landscaping, maintenance, civil engineering, process engineering, heavy engineering and mining. “customer” means an entity calling for tenders and awarding a contract, including a customer as defined in the current AS/NZS ISO 9000 Quality management systems – Requirements. Each contract involves a customer and a service provider. “Guidelines” means Quality Management Systems Guidelines. “ITP” means Inspection and Test Plan. “QMP” means Quality Management Plan (including design plan). “QMS” means Quality Management System. “service provider” (or "organisation" as defined in the current AS/NZS ISO 9000 Quality management systems – Requirements) means a contractor, consultant and supplier, and their service providers, that contract with a customer to carry out asset construction, provide other products (including goods) and/or provide services. 4 Quality Management Systems Guidelines – Edition 3 1 Introduction 1.1 Scope and purpose The NSW Government relies on service providers that are committed to continual improvement in their efficiency and effectiveness. For this reason, the Government and its agencies seek service providers that take a systematic approach to the management of quality, and in so doing better control and improve performance. These Quality Management Systems Guidelines are designed to assist agencies and other customers in the subcontract delivery chain, and their service providers, in agency construction works (including ancillary asset maintenance and operation) procurement, by providing a framework, based on the current AS/NZS ISO 9001, Quality management systems – Requirements, for applying a systematic approach to the management of quality. This includes: customers developing and implementing Quality Management Systems service providers developing and implementing Quality Management Systems, Quality Management Plans, and Inspection and Test Plans service providers achieving a certified Quality Management System for agency contracts valued at $1 million or more with sufficient risk to quality, as determined by the agency, from a date to be determined by the agency 1.2 Why quality management? The implementation of quality management and the Guidelines is designed to encourage and assist: the management of projects and contracts by all customers and service providers to achieve consistently the required outcomes a better customer service approach by service providers continual improvement in the delivery of project and contract outcomes and a consistent approach by agencies in specifying, and service providers in providing/implementing Quality Management Systems, Quality Management Plans (including design plans), and Inspection and Test Plans, and in monitoring their implementation 1.3 1 2 3 4 Key aspects of the Guidelines The Guidelines follow the current AS/NZS ISO 9000 Quality management systems – Requirements, and provide additional guidance for construction works procurement The Guidelines are for both customers and service providers The Guidelines outline the recommended requirements with applicable projects for the effective preparation and implementation of Quality Management Systems, Quality Management Plans, and Inspection and Test Plans. Checklists and guides in the Appendices are provided to assist in the assessment and preparation of Quality Management Systems, Quality Management Plans, and Inspection and Test Plans Certified Quality Management Systems will be required from service providers for agency contracts valued at $1 million or more involving sufficient risk to quality, and for substantial consultancies and product supplies that involve sufficient risk to quality. See Table 1 below for more information 5 Quality Management Systems Guidelines – Edition 3 2 Requirements and application 2.1 Requirements To assist the productivity and performance of service providers and the continual improvement in their efficiency and effectiveness, service providers will be required to implement quality management based on the current AS/NZS ISO 9001 Quality management systems – Requirements, and these NSW Government Guidelines for agency construction works procurement. Each agency will assess the likelihood of nonconforming work arising, the extent of the associated adverse impacts, and thus the level of risk, for each contract between the agency and its service providers (see Section 4.2.1). The outcome of this risk assessment and the value and type of contract involved will help (with any other agency specific criteria) the agency determine the contract quality management requirement for a Quality Management System, and/or a Quality Management Plan (including any design plan) and Inspection and Test Plans. Service providers will, in turn, assess the level of risk in the same way for their service providers, and specify the requirements accordingly to suit each subcontract involved. The contract quality management requirements for service providers will be determined using the following table as a guide. Appropriate contract clauses should be included in the contract between the agency and service provider and related subcontracts to suit the requirements determined. Consultancies or Service Provision Construction Contracts TYPE OF WORK AND RISK UNDER THE CONTRACT Product Supply VALUE AND TYPE OF CONTRACT Table 1 Type of Work and Risk Under the Contract Valued at $1m or more Valued at under $1m Valued at $100,000 or more Valued at under $100,000 Valued at $50,000 or more Valued under $50,000 COMPLEX, with a definite possibility of nonconformity with the specification and significant impacts HIGH – Service provider must have a certified Quality Management System, and implement a Quality Management Plan and Inspection and Test Plans MEDIUM – Service provider must implement a Quality Management Plan and Inspection and Test Plans HIGH – Service provider must have a certified Quality Management System and implement a Quality Management Plan MEDIUM – Service provider must implement a Quality Management Plan and certify service conformity HIGH – Product supplier must have a certified Quality Management System and provide test certificates and product certification of product conformity with requirements MEDIUM – Product supplier must provide test certificates and certification of product conformity with requirements 6 SIMPLE, or simple and repetitive with some or little possibility of nonconformity with the specification MEDIUM – Service provider must implement a Quality Management Plan and Inspection and Test Plans LOW – Service provider must have and implement Inspection and Test Plans MEDIUM – Service provider must implement a Quality Management Plan and certify service conformity LOW – Service provider must implement a basic Quality Management Plan and certify service conformity LOW – Agency (customer) will rely on delivery inspections and/or the provision of certification of product conformity with requirements LOW – Agency (customer) will rely on delivery inspections and/or the provision of certification of product conformity with requirements Quality Management Systems Guidelines – Edition 3 Agencies may require potential service providers to have a certified Quality Management System for smaller, lower valued, high risk and specialist contracts where the table does not indicate this. Agencies may develop their special requirements for the partial Systems, Quality Management Plans and/or Inspection and Test Plans. 2.2 Application The Guidelines apply to agency construction works, procurement projects and activities, and the provision of related services and products. This includes the provision of services and products with all the project activities, ranging from feasibility studies and concept development to asset construction, operation, maintenance, and ultimately demolition and disposal where applicable. That is, all the procurement process stages allowed for in the NSW Government Procurement Policy as outlined below. It also includes the procurement of public infrastructure for the Government, financed either completely or partly by the private sector, such as with Privately Financed Projects. Further information is available at www.procurepoint.nsw.gov.au regarding procurement, including specific procurement planning and delivery guidelines. Refer also to Appendix B. A six step process for the construction of buildings, engineering, maintenance, landscaping and demolition activities: 1. NEEDS ANALYSIS Determine the need to be met and whether procurement provides the optimal solution Key Activities Define the need Identify options to satisfy the need Justify decision to procure Decision Point Decide to procure 2. FUNDING APPROVAL Determine the scope of the required project and develop the business case or investment justification to obtain necessary funding to proceed Key Activities Define project scope and objectives Develop preliminary procurement strategy Develop preliminary risk, stakeholder and change management plans Develop business case and funding request Decision Point Funding approved 3. PROJECT PROCUREMENT PLAN Determine the strategy for approaching the market and prepare a procurement plan to ensure a viable acquisition outcome Key Activities Establish governance structure Determine market approach (procurement strategy) Prepare project procurement plan Decision Point Procurement plan approved 7 Quality Management Systems Guidelines – Edition 3 4. SERVICE PROVIDER SELECTION Produce request for tender documents and seek offers from the market. Select the service provider(s) that provides best value for money. Key Activities Prepare request for tender documents and obtain approval for release Prepare tender evaluation plan Seek offers from the market Evaluate offers and select service provider(s) Obtain approval to award contract to selected service provider(s) Decision Point Contract awarded 5. CONTRACT MANAGEMENT Ensure service provider(s) delivers the asset, goods or services in accordance with contractual obligations. Key Activities Manage contract Ensure delivery Manage service provider performance Decision Point Project commissioned 6. PROCUREMENT EVALUATION Review the outcomes of the project and disseminate any learnings. Key Activities Review outcomes against objectives Assess service provider performance and value for money Capture and disseminate lessons learned Decision Point Outcomes evaluated 8 Quality Management Systems Guidelines – Edition 3 3 System components 3.1 Standard These Guidelines are based on the current AS/NZS ISO 9001 Quality management systems – Requirements, and are designed to provide additional guidance and assist in implementing the standard for construction works procurement. 3.2 Quality Management System A Quality Management System provides a structure, including documentation and processes, which enables the delivery of products and services to be controlled and managed to meet the specified requirements consistently. The extent and detail of the documentation and processes included in a service provider’s Quality Management System would be determined to suit the products, services, practices and characteristics of the service provider, its customers’ requirements, and the needs of its personnel and its own service providers. Establishing and implementing a Quality Management System involves: identifying the areas and assessing the associated level (likelihood and impact) of risk of products and services not conforming with the specified requirements developing processes, generally documented as plans and procedures, to manage the risks identifying and providing resources and allocating responsibilities to suit the plans and procedures implementing the plans and procedures monitoring, auditing and improving the implementation of plans and procedures regularly reviewing and improving the Quality Management System A Quality Management System may be integrated with other management systems (such as those for environmental and work health and safety management) or it may be separately documented. For some contracts an agency may require the service provider to use nominated quality management documentation developed by the agency or others. Appendix A and Appendix C provide further guidance regarding the requirements for Quality Management Systems. 3.3 Quality Management Plans A Quality Management Plan is a project or contract specific plan developed by the service provider by applying an appropriate Quality Management System to plan and carry out the work involved, to ensure conformity with the requirements for the project/contract and to manage the quality risks. The Quality Management Plan is used and updated regularly during the life of the project or contract. A Quality Management Plan would include clearly defined: project or contract objectives resources to be used, including management structure/personnel and their training for the work personnel responsibilities and authorities process controls to be used to deal with the work and risks involved, including quality procedures, and ITPs and associated checklists, with methods for measurement/analysis methods to be used to monitor and audit implementation methods to be used to identify nonconformities, and implement corrective and preventive actions 9 Quality Management Systems Guidelines – Edition 3 methods to be used for document control and records management, including maintaining, securing/protecting/storing, identifying, retrieving and otherwise controlling records for the periods required and then their disposal Appendix A and Appendix D provide further guidance regarding the documentation requirements for Quality Management Plans. 3.4 Design plans Design activities require reviews, verification, validation and change control as detailed in the current AS/NZS ISO 9001 Quality management systems – Requirements, Appendix C and Appendix D. A design plan covering this for the design activities for each phase or stage of the design should be prepared, implemented and updated by each service provider involved in design as part of its Quality Management Plan. The design plan should identify: competent personnel to undertake these activities, with their details, qualifications, authorities and responsibilities organisation structure showing reporting relationship and technical interfaces, including with the customer and service providers design input and output processes and documents required design reviews, verification, validation and change control required co-ordination and other processes and procedures Each service provider QMS and QMP must detail the controls they will use for the design processes to be carried out by their service providers to ensure all requirements will be satisfied. 3.5 Inspection and Test Plans For construction activities (which may include design), Inspection and Test Plans are required in documenting the procedure to be undertaken and providing evidence (including reviews and verification points) that a particular work process/product or activity conforms to the specified requirements. Inspection and Test Plans may also be used to incorporate work health and safety, environmental and regulatory requirements, and identify and trace nonconforming work. For complex processes ITPs may need to be supplemented with method statements and other documentation. The content of Inspection and Test Plans is based on the contract drawings, contract specifications/conditions and other sources such as standards, legislation and regulatory requirements. An Inspection and Test Plan would: detail the inspections and tests required, including Hold and Witness Points identify acceptance criteria, sampling and testing methods and frequency of sampling/testing identify responsibilities for inspection and testing and product/service approval detail the records to be provided, including those required for identification and traceability Appendix A and Appendix E provide further guidance on, and samples and examples of, the documentation of Inspection and Test Plans. 3.6 Audit plans As outlined in the Appendices, audits and reviews are part of the implementation of any Quality Management System and Quality Management Plan. An audit plan would be included in a QMP to cover the arrangements and requirements for a project/contract, in accordance with Section 6. 10 Quality Management Systems Guidelines – Edition 3 4 Requirements for agencies and other customers 4.1 Organisational activities Agencies and other customers will select and specify appropriate quality management requirements in their request for tender documents and contract documents. Activities will then be planned to implement quality management, including monitoring the conformity of service providers with quality requirements. Only service providers with a demonstrated ability to implement effectively appropriate quality management practices/processes would be used. 4.1.1 Allocating resources For each procurement activity, customers will allocate sufficient resources to manage quality, including personnel with the appropriate knowledge, skills and experience, to cover the defined practices/processes and procedures required for tender/contract documentation, management and activities generally. 4.1.2 Providing training Appropriate training will be provided to personnel, including in: the quality management requirements for construction as outlined in the Guidelines the principles, standards and codes applicable to Quality Management Systems specification of quality requirements assessment of a potential service provider’s Quality Management System review of a service provider’s Quality Management System documentation, including any Quality Management Plan, and Inspection and Test Plans, submitted in connection with a contract monitoring, reviewing and auditing of a service provider’s implementation of the required quality management, and notifying the service provider where any action is required 4.1.3 Developing procedures Procedures will be developed and implemented to: define and control the quality of products and services identify the requirements for Quality Management Systems, Quality Management Plans, and Inspection and Test Plans assess a potential service provider’s quality management documentation and ability to meet specified quality management requirements verify that service providers implement the required quality management manage an audit/review program 4.1.4 Maintaining records Records will be maintained of the following: assessments of Quality Management Systems, where applicable reviews of Quality Management Plans, and Inspection and Test Plans, as applicable audit and other reports on the implementation of Quality Management Systems, Quality Management Plans, and Inspection and Test Plans, as applicable performance reports on service providers related correspondence with service providers 11 Quality Management Systems Guidelines – Edition 3 4.2 Project and contract activities A process chart showing project/contract activities and responsibilities generally applying for quality management is provided in Appendix B. 4.2.1 Assessing contract risk The level of risk must be determined for each contract. The probability or likelihood and consequences or impact of nonconformity with specified requirements (including quality, technical, work health and safety, environmental, financial and operational) determine the level of risk. Table 1 in Section 2 provides general guidance on assessing the level of risk. For suitable projects, the risk level could be determined using the methods outlined in AS 4360, Risk Management and the information available at http://www.treasury.nsw.gov.au/tam/tam-intro. 4.2.2 Specifying quality requirements Contract requirements for a Quality Management System, Quality Management Plan, and Inspection and Test Plans, will be specified in the request for tender and contract documents. Suggested contract requirements based on the level of risk are shown in Table 1 in Section 2. The need for, and scope of, monitoring activities for a contract would be assessed and contract conditions allowing for such activities included in the contract documents. These may include audits/reviews arranged and resourced by both the service provider (1 st party) and the agency or other customer (2nd party). Customers may use the results of service provider audits/reviews. The minimum standard to be met by tenderers (as potential service providers) for their tender to be considered, such as having a certified Quality Management System, and the other related evaluation criteria by which the tenderers will be judged, must be stated in request for tender documents. Some suggested standard contract conditions and conditions of tendering are given in Appendix F. 4.2.3 Assessing quality management abilities Potential service providers’ quality management abilities would be assessed in a tender evaluation process, using the identified evaluation criteria. Possible evaluation criteria include: the status of their Quality Management System; and/or the nature of the quality management implemented on current and/or recent comparable contracts. This may include assessment of a potential service provider’s past Quality Management Plans, and/or past Inspection and Test Plans. Where the relative abilities of the potential service providers are known, or it is assessed that they will not affect the tender evaluation outcome (such as with low risk contracts), consideration of Quality Management Plans (and design plans) and/or Inspection and Test Plans may not be required in a tender process. Where there is a limited number of potential service providers with Quality Management Systems, or having a QMS is assessed as unnecessary for the risks involved with the type and nature of the proposed contract, the agency may accept a service provider that demonstrates it has alternative, adequate and relevant process control in place. This may involve, for products, appropriate product test certificates from an appropriate test facility, and for consultant services, appropriate Quality Management Plans covering the service delivery. 4.2.4 Monitoring implementation during the contract The service provider’s Quality Management Plan and/or Inspection and Test Plans should be reviewed for conformity with the requirements at the commencement of the contract. Subsequent reviews, audits, inspections, and witness and surveillance activities to monitor adequately the QMS, QMP and ITP implementation would also be planned, resourced and undertaken. 12 Quality Management Systems Guidelines – Edition 3 The level of risk involved with the contract, together with the performance of the service provider and the results of any 1st party reviews and audits, would be considered in assessing the need for 2nd party reviews and audits. Audits/reviews would be undertaken in accordance with Section 6. Audit/review findings would be reviewed, with any comment obtained from the service provider, and the appropriate corrective action and verification would be sought from the service provider. If inspection, witnessing or surveillance indicated that implementation of a QMS or QMP or ITP was not satisfactory, further auditing/reviewing and other such activities to verify conformity would be undertaken. Confirmation of the satisfactory completion of audits, reviews, inspections and tests, and the corrective action undertaken by the service provider to meet contract requirements would be obtained from the service provider, and assessed progressively and when making progress payments for completed work. The performance of the service provider in meeting quality requirements should be evaluated and included in regular performance reports prepared for and addressed under the contract. Records of the above contract management activities should be maintained. 13 Quality Management Systems Guidelines – Edition 3 5 Requirements for service providers 5.1 Organisational activities 5.1.1 Developing a Quality Management System The scope and extent of documentation in a service provider's Quality Management System will depend on the products and services delivered by the service provider and the particular customer requirements, including those of the agencies with which they wish to work. Service providers must allocate resources, including personnel with sufficient knowledge, skills and experience in quality management, and have corporate procedures for developing, implementing and maintaining their Quality Management System, Quality Management Plans, and Inspection and Test Plans, as applicable, and to monitor their effective implementation with contracts. Service providers that purchase or subcontract products and/or services would ensure each customer’s quality requirements are reflected in the applicable purchase or subcontract documents. 5.1.2 Addressing agency requirements Service providers interested in tendering for agency contracts must address the applicable agency Quality Management System requirements and other conditions of tendering for the type and value of products and services involved. 5.2 Project and contract activities 5.2.1 Identifying requirements for tenders and contracts The requirements for a service provider's Quality Management System, Quality Management Plan and Inspection and Test Plans will be as specified in the request for tender documents and contract documents. Appendix A shows the recommended documentation requirements where conformity with the Guidelines, and a Quality Management System, a Quality Management Plan and/or Inspection and Test Plans are specified. Individual agencies may determine and specify different requirements for a contract. Appendix A is based on the current AS/NZS ISO 9001 Quality management systems – Requirements. Standards Australia handbook HB90.3-2000, The Construction Industry Guide to ISO 9001:2000, may provide further guidance for service providers in the construction industry. When only Inspection and Test Plans are required, the necessary documentation is shown in the ITP column in Appendix A. When a Quality Management Plan is required, Inspection and Test Plans will also be necessary, and the documentation recommended is shown in the Quality Management Plan and ITP columns in the Appendices. When a Quality Management System is required, a contractspecific Quality Management Plan and Inspection and Test Plans will also be necessary, and the required documentation is as shown in all three columns in the Appendices. Where needed, the requirements for consultant Quality Management Plans should be adapted to suit the service to be provided. Where "documented procedures" or "methods" are required, they may be separate procedures or methods or be included as part of other procedures. "Process documentation" involves all the documents needed to ensure the effective planning, implementation and control for the process involved. For contracts requiring certified Quality Management Systems, tenders would normally only be sought from potential service providers with a certified QMS. To determine the QMS status of potential service providers in tender processes (including applications for a prequalification list for use with several 14 Quality Management Systems Guidelines – Edition 3 tender processes and expressions of interest for pre-registration for a particular tender process) tenderers may be required to provide: a description of their Quality Management System; evidence of meeting the QMS requirements; and/or other documentation to demonstrate their ability to meet relevant conditions. A potential service provider’s ability to undertake quality management for a contract not requiring it to have a certified QMS by the agency would normally be assessed by the agency on compliance with the Guidelines and other agency criteria of the organisation’s QMS, documented procedures to the degree they are developed, and past Quality Management Plans, and Inspection and Test Plans, used on recent comparable contracts. 5.2.2 Submitting tenders To demonstrate how the potential service provider will meet the tender and proposed contract requirements, a tender must provide the information sought by the customer’s tender documents with any additional information needed to demonstrate the ability sought. This will include evidence of a certified QMS where this is required, and may include documented procedures, and samples of past Quality Management Plans, and Inspection and Test Plans, implemented on recent comparable contracts. 5.2.3 Contract requirements The contract conditions would normally include, as a minimum: preparation of a Quality Management Plan and/or Inspection and Test Plans for the work covering the service provider and its service providers, or allowing for each to provide a QMP and ITPs, and the submission of these or certification of their conformity to the contract Principal before applicable work commences reviewing and updating the Quality Management Plan and/or Inspection and Test Plans planning and conducting its reviews, audits, inspections, witnessing and surveillance of the implementation of the Quality Management System (where applicable), Quality Management Plan and/or Inspection and Test Plans controlling nonconforming services/products and undertaking appropriate corrective and preventive actions claiming for payment for the work with evidence of conformity with requirements establishing, and maintaining records of the above actions providing access to the work sites, information, documentation, records, explanations, personnel and accommodation necessary for any 2nd party audits/reviews A typical set of tender/contract conditions specifying such requirements is included in Appendix F. 15 Quality Management Systems Guidelines – Edition 3 6 Audits 6.1 General One of the essential features of a Quality Management System is the assurance its use provides to the customer that appropriate quality management is being implemented. Although service provider performance without such an assurance may be satisfactory, there is less risk of unsatisfactory outcomes when systematic management is in place, including effective audit and corrective action arrangements. The resources a customer needs to manage quality can be reduced when effective audits (including reviews) demonstrate the service provider is managing the contract quality risks. Audits may be: 1st party audits (commonly known as “internal” but may be carried out by an external auditor organisation) carried out or arranged by a service provider to evaluate its own conformity with the requirements. The notification and conduct of such audits are not as formal as for 2nd or 3rd party audit. 2nd party audits (commonly known as “external” audits) carried out by, or arranged by, an agency or other customer to evaluate the activities of its service providers. The notification and conduct procedures for the audit are formal and necessitate more planning and preparation. 2 nd party audits may use the results of the 1st party audits. 3rd party audits (commonly known as “certification” audits) carried out for the service provider by an independent organisation accredited under a JAS-ANZ recognised scheme, or equivalent, to certify that a service provider’s QMS, and/or its implementation, meet defined requirements for a specified scope of services or products or both. These audits are generally the most formal. Internal and certification audits may provide assurance to the customer that the required level of performance can be, and/or is being, achieved, without the customer resorting to extensive external auditing. Audits may involve: document reviews or system audits to ensure that the service provider has plans/procedures in place to cover all the required aspects of a Quality Management System compliance (or procedural) audits to ensure that the specified plans/procedures are being implemented and are effective 6.2 Scope The number of audits and reviews and the scope of each would be determined to suit: the risks identified and risk levels assessed with the contract the contract documents and Quality Management System the service provider's performance, including the previous nonconformities identified and the effectiveness of its audit/review arrangements and other controls The scope and format of each audit and review would be documented. Appendix G includes three examples of typical audit/review arrangements. The specific audit arrangements used would be customised to meet the requirements of each particular contract. Simpler performance reviews may also be implemented. 6.3 Responsibility The service provider is responsible for engaging auditors for 1st and 3rd party audits. The agency or other customer is responsible for 2nd party audits. 16 Quality Management Systems Guidelines – Edition 3 Any appointed auditor organisation or other auditor would manage the audits, in consultation with the responsible party in accordance with the contractual and other rights and obligations of the contracting customer and service provider parties. Customers may require evidence of 1st and 3rd party audits under their contracts with service providers, and service providers would then provide notice of impending and completed audits. Reasonable notice of impending 2nd party audits, the appointment/name of an auditor and the scope of audit would be provided to the service provider. 6.4 Conduct The auditor would be required to carry out an audit honestly and fairly, with appropriate skill and care, based on the established facts, and in a timely, practical and helpful manner. Unless agreed otherwise between the applicable agency or other customer and the service provider, the auditor would not divulge any confidential information, or audit findings, to parties other than the applicable agency, other customer or service provider. The information made available to a customer, auditor organisation and other auditor may be restricted for commercial reasons. 6.5 Reports Each auditor should provide a written report on audit findings and any nonconformities. Any constraints that impair the ability of an auditor to express an opinion should be noted in the report. 6.6 Actions Essential components of a Quality Management System are the service provider’s management commitment and action to improve continuously the Quality Management System. Following receipt of an audit report, the service provider would explain to the customer the action proposed to correct any nonconformities and prevent their recurrence, and to verify the action taken. 17 Quality Management Systems Guidelines – Edition 3 Appendices A - Quality Management System documentation requirements guide B - Contract responsibilities for quality management C - Quality Management System assessment checklist D - Quality Management Plan assessment checklist E - Guideline for Inspection and Test Plans F - Typical contract and tender clauses and schedule G - Typical audit arrangements 18